#!/bin/bash
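## Do not delete: SSH brute-force protection.
##
## Counts "Failed" entries per source address in the sshd auth log and appends
## an "sshd:<ip>:deny" rule to hosts.deny for every address whose count exceeds
## the threshold, unless the address already appears in hosts.deny or
## hosts.allow.
##
## Caveat: the count covers the whole log file as it exists at run time; there
## is no time window, so the effective window is whatever log rotation leaves.

# Number of failed attempts an address may accumulate before it is denied.
maxnum=10

#######################################
# Report whether an address is already mentioned in a hosts.* file.
# Fixed-string, whole-word matching is used so that "1.2.3.4" is not treated
# as a regex (dots matching any character) and does not match inside
# "11.2.3.45"; either mistake would skip or exempt the wrong address.
# Arguments: $1 - address, $2 - file to search
# Returns:   0 if listed, non-zero if not listed or the file is unreadable
#######################################
is_listed() {
  [[ -r "$2" ]] && grep -qFw -- "$1" "$2"
}

#######################################
# Append deny rules for addresses with too many failed logins.
# Arguments: $1 - auth log to scan
#            $2 - hosts.deny file to append to
#            $3 - hosts.allow file whose entries are exempt
#            $4 - threshold; addresses with MORE failures than this are denied
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if the log is unreadable or a rule cannot be
#            written
#######################################
deny_ssh_bruteforce() {
  local log_file=$1 deny_file=$2 allow_file=$3 limit=$4
  local num ip

  if [[ ! -r "$log_file" ]]; then
    printf 'cannot read log file: %s\n' "$log_file" >&2
    return 1
  fi

  while read -r num ip; do
    (( num > limit )) || continue
    is_listed "$ip" "$deny_file" && continue
    is_listed "$ip" "$allow_file" && continue
    printf 'sshd:%s:deny\n' "$ip" >> "$deny_file" || {
      printf 'cannot write to: %s\n' "$deny_file" >&2
      return 1
    }
  done < <(
    # The 4th field from the end is the source address in sshd's
    # "Failed ... from <ip> port <n> ssh2" lines. Log content is influenced by
    # remote clients, so only tokens shaped like a dotted-quad IPv4 address
    # are kept; anything else (including the "session" tokens the previous
    # grep -v filtered) never reaches the access-control file.
    # NOTE(review): IPv6 sources are skipped; the "sshd:<ip>:deny" form would
    # need bracketed addresses for them - confirm whether IPv6 must be covered.
    awk '/Failed/ && NF > 3 { print $(NF-3) }' "$log_file" \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
      | LC_ALL=C sort \
      | uniq -c
  )
}

deny_ssh_bruteforce /var/log/secure /etc/hosts.deny /etc/hosts.allow "$maxnum"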


